Category: security

I attended a recent eDiscovery seminar. I wanted to poll the audience and get your thoughts on this subject. I was advised that you should not document your forensics process (criminal matters) because it then becomes discoverable and could be used against you in a court of law. Example: Let’s assume you have a documented forensics process that spells out you always have a cup of decaf coffee before examining a suspect’s machine. If you begin examining a suspect’s machine and forget to have that cup of decaf coffee you’ve now just made a gaping hole for the defense to use against you. Say goodbye to your credibility, Mr. Expert Witness no more.

On the other hand, you must have a documented eDiscovery process (civil litigation). eDiscovery requires that your process is defensible and repeatable. You will need to be able to reproduce your eDiscovery process if called upon. However, there are no stipulations on how granular your process documentation must be. I would not recommend spelling out so many steps in your process that they could leave you open to scrutiny. A generally broad eDiscovery process or flow that is published should suffice.

It will allow you to create an encrypted container. So let's say you need 1GB for your MP3s. This program will make a 1GB file, and when you put in your password that file becomes another hard drive on your computer. Then, when you're done or turn off the computer, that extra hard drive goes away until you mount it again using your password.

Think of this as a FREE encrypted virtual thumb drive — (as long as you have a tough password)
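The file-backed container described above can be built with standard Linux tooling. The script below is an added example, not code from the original post or from the program it describes; it assumes a Linux host with cryptsetup installed and root privileges, and the file names, mapper name and mount point are illustrative. It also enforces a minimal passphrase policy, since the container is only as strong as the passphrase protecting it.

```bash
#!/usr/bin/env bash
# Added example: a file-backed LUKS container managed with cryptsetup.
# Assumes Linux, cryptsetup and root; the paths and names below are illustrative.
set -euo pipefail

# Convert a size such as 1G or 512M to bytes (pure helper used by container_create).
size_to_bytes() {
    local n=${1%[KMG]} unit=${1##*[0-9]}
    case "$unit" in
        K) echo $((n * 1024)) ;;
        M) echo $((n * 1024 * 1024)) ;;
        G) echo $((n * 1024 * 1024 * 1024)) ;;
        "") echo "$n" ;;
        *) return 1 ;;
    esac
}

# Minimal passphrase policy (assumed, not the program's own): at least 16 characters,
# containing letters plus at least one digit or symbol. Returns 0 if acceptable.
passphrase_ok() {
    local p=$1
    [ ${#p} -ge 16 ] || return 1
    case "$p" in
        *[A-Za-z]*) ;;
        *) return 1 ;;
    esac
    case "$p" in
        *[0-9]*|*[!A-Za-z0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Create a container file of the given size, format it as LUKS2 and put ext4 inside.
# cryptsetup prompts for the passphrase interactively, so it never sits on the command line.
container_create() {
    local file=$1 size=$2 name=$3
    local bytes
    bytes=$(size_to_bytes "$size")
    truncate -s "$bytes" "$file"          # sparse file; use fallocate to pre-allocate
    chmod 600 "$file"
    cryptsetup luksFormat --type luks2 "$file"
    cryptsetup open "$file" "$name"
    mkfs.ext4 -q "/dev/mapper/$name"
    cryptsetup close "$name"
}

# Unlock the container with its passphrase and mount it: the file appears as another drive.
container_mount() {
    local file=$1 name=$2 mnt=$3
    cryptsetup open "$file" "$name"
    mkdir -p "$mnt"
    mount "/dev/mapper/$name" "$mnt"
}

# Unmount and lock: the data is inaccessible again until the next container_mount.
container_umount() {
    local name=$1 mnt=$2
    umount "$mnt"
    cryptsetup close "$name"
}

# Usage (as root), with illustrative names:
#   container_create /home/user/music.img 1G music
#   container_mount  /home/user/music.img music /mnt/music
#   container_umount music /mnt/music
```

Locking the container on shutdown or logout is what makes the "drive goes away" property hold; a mounted container is plaintext to anyone with access to the running system, so the unmount step matters as much as the passphrase.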

I would like to run Snort and BotHunter on a spare Linux machine on my home LAN. My local network uses the very common Linksys WRT54G wireless router. Therefore I have a switched network, which makes it very difficult to perform any type of network sniffing.

I’m asking for your thoughts and feedback to solve this problem. Right now I’ve come up with the following solutions:

Connect a hub to the router's WAN port. Connect my cable modem and Linux machine to the hub.